In case anyone is wondering why there is no security in this code, it's because I'm a newb, this is my first project, and I am doing this in layers so to speak, meaning that I need to get this basic code working before I can start adding security.
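<?php # - register.php -
$page_title = 'Register';
include ('./includes/header.inc.htm');

/**
 * Read one submitted form field.
 *
 * @param string $name  the field's name="" attribute
 * @return string|null  the trimmed value, or null when the field is missing,
 *                      is not a plain string, or contains only whitespace
 */
function post_field($name)
{
    if (!isset($_POST[$name]) || is_array($_POST[$name])) {
        return null;
    }
    $value = trim($_POST[$name]);
    return ($value === '') ? null : $value;
}

/**
 * Render a value as a SQL literal for the INSERT below.
 *
 * Must be called after mysql_connect.php has opened the connection, because
 * mysql_real_escape_string() escapes against the active connection's charset.
 * NOTE(review): the mysql_* extension was removed in PHP 7; when
 * mysql_connect.php moves to PDO/mysqli, replace this with a prepared statement.
 *
 * @param string|null $value
 * @return string  NULL for null, otherwise the value quoted and escaped
 */
function sql_literal($value)
{
    if ($value === null) {
        return 'NULL';
    }
    return "'" . mysql_real_escape_string($value) . "'";
}

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
    $errors = array(); // Initialize error array.

    // Mandatory fields. post_field() trims before testing, so a name made
    // of spaces counts as missing instead of being stored as ''.
    $fn = post_field('first_name');
    if ($fn === null) {
        $errors[] = 'You forgot to enter your first name.';
    }
    $ln = post_field('last_name');
    if ($ln === null) {
        $errors[] = 'You forgot to enter your last name.';
    }

    // Date of birth: all three pull-downs have to form a real calendar date.
    // It is stored as YYYY-MM-DD, the format a MySQL DATE column accepts;
    // plain concatenation ("1990" . "1" . "5") is ambiguous.
    $year  = (int) post_field('year');
    $month = (int) post_field('month');
    $day   = (int) post_field('day');
    if (!checkdate($month, $day, $year)) {
        $errors[] = 'You forgot to enter students birthdate.';
    } else {
        $dob = sprintf('%04d-%02d-%02d', $year, $month, $day);
    }

    // Sex: accept only the two values offered by the radio buttons.
    $sex = post_field('sex');
    if ($sex !== 'f' && $sex !== 'm') {
        $errors[] = 'You forgot to enter students sex.';
    }

    // Following fields are not mandatory: blank becomes SQL NULL (assumes
    // these columns are nullable). The keys match the form's name="" values
    // (student_phone / student_email), which the old code misspelled.
    $school     = post_field('school');
    $medical    = post_field('medical');
    $stud_phone = post_field('student_phone');
    $stud_email = post_field('student_email');
    $notes      = post_field('notes');

    if (empty($errors)) { // If everything's okay.
        // Register the user in the database.
        require_once ('./includes/mysql_connect.php'); // Connect to the db.

        // Make the query. Only placeholders go into the format string; every
        // submitted value passes through sql_literal(), so a quote in the
        // input cannot alter the statement. sid and last_update are left NULL.
        $query = sprintf(
            "INSERT INTO student_info (sid, first_name, last_name, sex, reg_date, dob, school, email, phone, active, medical_issues, notes, secret_classification, last_update) "
            . "VALUES (NULL, %s, %s, %s, now(), %s, %s, %s, %s, 'y', %s, %s, '0', NULL)",
            sql_literal($fn),
            sql_literal($ln),
            sql_literal($sex),
            sql_literal($dob),
            sql_literal($school),
            sql_literal($stud_email),
            sql_literal($stud_phone),
            sql_literal($medical),
            sql_literal($notes)
        );
        $result = mysql_query ($query); // Run the query (no @: let PHP report misuse).

        if ($result) { // If it ran OK.
            // Send an email, if desired.
            // Print a message.
            echo '<h1 id="mainhead">Thank you!</h1>
<p>You are now registered. In Chapter 9 you will actually be able to log in!</p><p><br /></p>';
            // Include the footer and quit the script (to not show the form).
            //include ('./includes/footer.htm');
            exit();
        }

        // If it did not run OK: the visitor sees a generic message and the
        // driver error goes to the server log only. The statement itself is
        // not logged because it carries the student's personal details.
        error_log('register.php: INSERT failed: ' . mysql_error());
        echo '<h1 id="mainhead">System Error</h1>
<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; // Public message.
        include ('./includes/footer.inc.htm');
        exit();
        // Both branches exit, so there is nothing to close here; PHP ends the
        // connection at script shutdown.
    } else { // Report the errors.
        echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occurred:<br />';
        foreach ($errors as $msg) { // Print each error (fixed strings, no user input).
            echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';
    } // End of if (empty($errors)) IF.
} // End of the main Submit conditional.
?>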
<table width="700" height="604" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="46" height="26"> </td>
<td width="620"> </td>
<td width="34"> </td>
</tr>
<tr>
<td height="493"> </td>
<td><form id="form1" name="form1" method="post" action="">
<table width="700" height="176" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="224"><label for="textfield">First Name</label>
<input type="text" name="first_name" accesskey="f" tabindex="1" id="textfield" /></td>
<td width="230"><label for="label">Last Name</label>
<input type="text" name="last_name" accesskey="l" tabindex="2" id="label" /></td>
<td width="246">
Date of Birth<br/>
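<?php # Script 2.7 - calendar.php
// This script makes three pull-down menus for an HTML form: months, days, years.

/**
 * Echo one <select> element with an <option> per entry.
 *
 * @param string $name    value for the select's name="" attribute
 * @param array  $options option value => visible label
 */
function print_select($name, array $options)
{
    echo '<select name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">';
    foreach ($options as $value => $label) {
        // Escaped for completeness; the arrays below only hold fixed text.
        echo '<option value="' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '">'
            . htmlspecialchars((string) $label, ENT_QUOTES, 'UTF-8') . "</option>\n";
    }
    echo '</select>';
}

// Make the months array. The blank "nothing chosen" entry sits at index 0,
// so it submits as "0", which empty() in the form handler treats as missing;
// January..December then take 1..12, the numbering checkdate() and a DATE
// column expect. (With 1 => '' the months were shifted to 2..13 and the
// blank choice submitted "1", which passed the empty() check.)
$months = array (0 => '', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December');
// Make the days and years arrays; each menu shows the number as its label.
$days = range (1, 31);
$years = range (1975, 2005);

print_select('month', $months);
print_select('day', array_combine($days, $days));
print_select('year', array_combine($years, $years));
?><br/></td>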
</tr>
<tr>
<td><p><br/>
<label>
<input type="radio" name="sex" value="f" />
Female</label>
<br />
<label>
<input type="radio" name="sex" value="m" />
Male</label>
<br />
</p></td>
<td>
<br/>
<label for="label2">School</label>
<br/>
<input type="text" name="school" accesskey="o" tabindex="5" id="label2" />
<br>
<span class="note">For students in k-12</span></td>
<td>
<br/>
<label for="textarea">Known medical issues / Instructions</label>
<textarea name="medical" cols="35" id="textarea" accesskey="m" tabindex="6"></textarea>
</td>
</tr>
<tr>
<td height="76"><label for="label3">Student's phone</label>
<input type="text" name="student_phone" accesskey="p" tabindex="8" id="label3" /></td>
<td><label for="label4">Student's email</label>
<input type="text" name="student_email" accesskey="e" tabindex="9" id="label4" /></td>
<td><label for="label5">Notes</label>
<textarea name="notes" cols="35" id="label5" accesskey="n" tabindex="10"></textarea></td>
</tr>
</table>
<label for="textfield"></label>
<div align="center">
<p>
<label for="Submit"></label>
<input type="submit" name="Submit" value="Submit" accesskey="z" id="Submit" />
<br />
<input type="hidden" name="submitted" />
</p>
</div>
</form>
</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>
</body>
</html>